.TH Cutelyst@PROJECT_VERSION_MAJOR@Qt@QT_VERSION_MAJOR@Session 5 "2023-12-01" "Cutelyst@PROJECT_VERSION_MAJOR@Qt@QT_VERSION_MAJOR@Session @PROJECT_VERSION@"

.SH NAME
Cutelyst@PROJECT_VERSION_MAJOR@Qt@QT_VERSION_MAJOR@Session - Configuration of the Session Plugin for the Cutelyst Web Framework
.SH DESCRIPTION
The Session plugin for Cutelyst can be used to generate user sessions that are stored on the server side in a session store and on the user side in a session cookie. The name of the session cookie is the name of the application + "_session".
.SH CONFIGURATION
The Session plugin can be configured in the Cutelyst application configuration file in the
.I Cutelyst_Session_Plugin
section.
.PP
.I expires
(integer or string value, default: 2 hours)
.RS 4
The expiration duration of the session. Can be given as time span where the following time units are understood:
.IP \(bu 4n
usec, us
.IP \(bu
msec, ms
.IP \(bu
seconds, second, sec, s
.IP \(bu
minutes, minute, min, m
.IP \(bu
hours, hour, hr, h
.IP \(bu
days, day, d
.IP \(bu
weeks, week, w
.IP \(bu
months, month, M (defined as 30.44 days)
.IP \(bu
years, year, y (defined as 365.25 days)
.PP
If no time unit is specified, generally seconds are assumed. Examples for valid time span specifications:
.PP
.RS 4
.EX
2 h
2hours
48hr
1y 12month
55s500ms
300ms20s 5day
.EE
.RE
.RE
.PP
.I verify_address
(boolean value, default: false)
.RS 4
If enabled, the plugin will check if the IP address of the requesting user matches the address stored in the session data. In case of a mismatch, the session will be deleted.
.RE
.PP
.I verify_user_agent
(boolean value, default: false)
.RS 4
If true, the plugin will check if the user agent of the requesting user matches the user agent stored in the session data. In case of a mismatch, the session will be deleted.
.RE
.PP
.I cookie_http_only
(boolean value, default: true)
.RS 4
If true, the session cookie will have the httpOnly flag set so that the cookie is not accessible to JavaScript's Document.cookie API.
.RE
.PP
.I cookie_secure
(boolean value, default: false)
.RS 4
If true, the session cookie will have the secure flag set so that the cookie is only sent to the server with an encrypted request over the HTTPS protocol.
.RE
.SH EXAMPLES
.RS 0
[Cutelyst_Session_Plugin]
.RE
.RS 0
expires="1 hour"
.RE
.SH LOGGING CATEGORY
cutelyst.plugin.session
.SH "SEE ALSO"
.BR Cutelyst@PROJECT_VERSION_MAJOR@Qt@QT_VERSION_MAJOR@MemcachedSessionStore (5)
